> I hope this is not a stupid idea:
>
> I propose a finer-grained approach to suid-root binaries. Perhaps,
> instead of having a single flag giving the binary all the rights and
> responsibilities of its owner, there could be a table/list/something of
> capabilities which we want to grant to the binary. This, of course,
> would be a privileged operation (perhaps a new capability?).
>
> For example, we might want to grant cdrecord CAP_SYS_RAWIO. This way, we
> don't have to worry about cdrecord running as root and not dropping all
> the capabilities it doesn't need, by accident or by malice.

cdrecord neither drops the privileges by accident nor by malice. What I however see is that a completely unneeded incompatible interface change has been applied to a _stable_ Kernel.

On a cleanly designed OS with fine grained permissions, a program like cdrecord does not need to worry about the permissions as it gets exactly the needed permissions granted by the execution environment.
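The proposal quoted above amounts to granting a binary one capability (CAP_SYS_RAWIO for cdrecord) instead of full root. As an added example, not code from this thread or from cdrecord, the script below audits whether a running process actually holds only the capabilities it should: it parses the CapEff line the Linux kernel exposes in /proc/<pid>/status and lists every effective capability outside an allow-list. The capability bit numbers come from linux/capability.h; the two status dumps are constructed samples.

```python
"""Audit a process's effective capability set against an allow-list.

Added example, not part of the mailing-list thread. It reads the CapEff
line from a /proc/<pid>/status dump and reports any capability beyond
the ones a binary such as cdrecord should hold (here: CAP_SYS_RAWIO).
"""
import re

# Subset of capability bit numbers from linux/capability.h (CAP_* names).
CAP_BITS = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
    3: "cap_fowner", 5: "cap_kill", 6: "cap_setgid", 7: "cap_setuid",
    8: "cap_setpcap", 12: "cap_net_admin", 13: "cap_net_raw",
    16: "cap_sys_module", 17: "cap_sys_rawio", 19: "cap_sys_ptrace",
    21: "cap_sys_admin", 27: "cap_mknod",
}

def parse_capeff(status_text):
    """Return the set of capability names in the CapEff field of a
    /proc/<pid>/status dump (bits not in CAP_BITS are reported as cap_<n>)."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line in status text")
    mask = int(m.group(1), 16)
    return {CAP_BITS.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1}

def excess_caps(status_text, allowed):
    """Capabilities present in CapEff that are not in the allow-list."""
    return sorted(parse_capeff(status_text) - set(allowed))

# Constructed sample: a process holding only CAP_SYS_RAWIO (bit 17).
SAMPLE_RAWIO_ONLY = "Name:\tcdrecord\nCapEff:\t0000000000020000\n"
# Constructed sample: a full-root process on a recent kernel (bits 0-40 set).
SAMPLE_FULL_ROOT = "Name:\tcdrecord\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    import sys
    # Usage: python audit_caps.py [pid]   (defaults to the script's own process)
    path = "/proc/%s/status" % (sys.argv[1] if len(sys.argv) > 1 else "self")
    with open(path) as f:
        print("excess capabilities:", excess_caps(f.read(), ["cap_sys_rawio"]))
```

Run it against the pid of a process started from a suid-root copy of a binary and again against one started from a copy carrying only a file capability; the first lists dozens of excess capabilities, the second an empty list.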